CVE-2020-28976 Scanner
Detects 'Server-Side Request Forgery (SSRF)' vulnerability in Canto plugin for Wordpress affects v. 1.3.0.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Url
Toolbox
-
The Canto plugin for WordPress is an image management tool that enables users to easily upload and organize their images within their WordPress sites. It allows the user to create galleries, edit images, and share them with others. Canto plugin makes it simple and easy to control and maintain images online, and improve on-page visuals.
Recently, a security flaw has been detected in the version 1.3.0 of the Canto plugin used by WordPress. The vulnerability code is known as CVE-2020-28976. The vulnerability arises due to a blind SSRF bug, which permits unauthenticated aggressors to make requests to external and internal servers via /includes/lib/detail.php?subdomain=SSRF.
The CVE-2020-28976 vulnerability enables hackers to perform a Server Side Request Forgery (SSRF) attack to impersonate the plugin and send requests to a target web server. These attackers can also use the plugin as a proxy server to bypass firewalls, access internal data, and steal sensitive information. This vulnerability could put users’ digital assets at extreme danger of cyberattacks and sabotage.
Thanks to securityforeveryone.com, users can quickly and efficiently learn about vulnerabilities in their digital assets. The platform employs a broad range of pro features that recognize and locate potential hacking threats, enabling users to take preventive steps before their systems become vulnerable. With the use of this platform, website owners can secure their digital assets, defend their privacy, and keep their confidential data safe from hackers and cybercriminals. Overall, taking preventive measures and utilizing security software tools is crucial to preserve the safety and security of digital assets on the internet.
REFERENCES
- http://packetstormsecurity.com/files/160358/WordPress-Canto-1.3.0-Server-Side-Request-Forgery.html
- https://gist.github.com/p4nk4jv/87aebd999ce4b28063943480e95fd9e0
- https://github.com/CantoDAM/Canto-Wordpress-Plugin
- https://wordpress.org/plugins/canto/#developers
- https://www.canto.com/integrations/wordpress/
control security posture